A Model-Driven Approach for Accountability in Business Processes

  • Anderson Santana de Oliveira
  • Anis Charfi
  • Benjamin Schmeling
  • Gabriel Serme
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 175)

Abstract

Accountability provides the necessary assurance to different stakeholders (customers, auditors, regulators) about the correct execution of the obligations concerning compliance requirements. Modeling accountability in a business process is an important problem, as SOA is the generally accepted standard for IT systems. This requires the orchestration of several non-functional concerns across services (such as authentication, authorization, logging, among others) to attest the correct operation of control activities. In this paper, we show how a model-driven framework for non-functional concerns can integrate accountability in business processes. Using the NFComp modeling framework, we define and compose a set of non-functional concerns that securely assert that subjects have fulfilled their responsibilities, towards realizing accountability. The approach allows the reuse of the composed accountability concerns in different processes.


Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Anderson Santana de Oliveira (1)
  • Anis Charfi (2)
  • Benjamin Schmeling (3)
  • Gabriel Serme (1)

  1. SAP AG, Mougins, France
  2. SAP AG, Darmstadt, Germany
  3. UBL Informationssysteme, Neu-Isenburg, Germany
